Start specific app from sandbox unsandboxed #1500
Comments
I have made a 50€ contribution so this request is taken more seriously. :)
Thank you very much,
Not a problem! I noticed that SandboxIE is now OpenSource and has an active developer, so thank you very much for your good work. A very common use case for SandboxIE is to run Steam multiple times. We use Aster V7 (or other software) to multiseat which gives you basically two (or multiple) stations from one computer. But Steam is a real pain, it just doesn't want to launch more than one instance even under different Windows users. It will kill the other instance. I have used SandboxIE for this purpose for years. But it presents other issues. The games themselves have no issues (like 99%) running multiple times, on the other hand sandboxing is sometimes messing with various things like anticheat software etc. I imagine a solution that you run just Steam inside the Sandbox, but launch the actual games outside and let them do what they want to do, even though I don't like anticheat software messing with my system as well and I would rather use it in Sandbox completely, but it is easier and without risk of unwarranted ban. So this is usually not so much a security-focused as a convenience-focused solution. The problem I see is that there is some interprocess communication between Steam and the game. I just tried lowering the Sandbox capabilities to the bare minimum in the supported version, but still have issues with EAC similar to this: https://issueexplorer.com/issue/sandboxie-plus/Sandboxie/1192 I really like multiseating and supporting people using it, because it is green: fewer computers made, less electricity consumed, etc. And easier to maintain (even with occasional troubles like these).
How should we call this setting?
@DavidXanatos Sounds good.
So the feature will be included in the 1.0.8 build. So for example some application opens a web browser and its box is configured to allow firefox.exe to break out, I think this behavior allows to use this feature also for security applications, not only for software compartmentalization. There are minor limitations such as that the process created outside will have certain privileges removed and, if DropAdminRights=y is in place, also user groups dropped, as it inherits the original token from the sandboxed parent. The filtering of the original token for the sandboxed processes can be disabled with the debug option UnfilteredToken=y, but this weakens the isolation of boxes configured this way, so it's not recommended.
@DavidXanatos Behaviour with forced processes makes sense. I will test it as soon as the 1.0.8 is available.
Btw, will it be possible to set the breakout process as a path?
No, paths were not intended in this feature; should I add those?
It is not really needed for my purposes, but I was thinking about the forced processes you mentioned and how you set up
It will be BreakoutFolder= to stay consistent with the forced and alert folder stuff
That makes sense, it is closer to that functionality.
Works like a charm. You should advertise this feature for those who use it with Steam.
How do you make it work? Can you send your ini? :)
This feature is rather significant, would you mind making it open to all users prior to the 250 patrons?
Easiest way is to use:
And set it to your steamapps folder. So Steam will be started in Sandbox, but any program from steamapps will be started outside. You can limit it to just a specific game folder or just a specific process using
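An added example, not part of the thread and not Sandboxie's own code: a small Python audit of Sandboxie.ini text that lists which boxes carry the breakout settings discussed above (BreakoutFolder, and BreakoutProcess, Sandboxie's per-program setting, whose name this thread does not spell out) together with the DropAdminRights=y and UnfilteredToken=y caveats from the maintainer's comment. The sample ini, box names, paths and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample Sandboxie.ini text; box names and paths are made up.
SAMPLE_INI = r"""
[SteamBox]
Enabled=y
DropAdminRights=y
BreakoutFolder=D:\Games\Steam\steamapps

[BrowserBox]
Enabled=y
BreakoutProcess=firefox.exe
UnfilteredToken=y

[DefaultBox]
Enabled=y
"""

BREAKOUT_KEYS = {"breakoutprocess": "BreakoutProcess", "breakoutfolder": "BreakoutFolder"}

def parse_boxes(text):
    """Parse ini text into {section: {lowercased key: [values]}}.
    Repeated keys are all kept (configparser rejects or overwrites duplicates)."""
    boxes, current = defaultdict(lambda: defaultdict(list)), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and "=" in line:
            key, value = line.split("=", 1)
            boxes[current][key.strip().lower()].append(value.strip())
    return boxes

def is_on(cfg, key):
    return any(v.lower() == "y" for v in cfg.get(key, []))

def audit_breakouts(text):
    """Return {box: [findings]} for boxes that let processes start outside."""
    report = {}
    for box, cfg in parse_boxes(text).items():
        findings = [f"{name}={v}: matching programs start outside the box"
                    for key, name in BREAKOUT_KEYS.items() for v in cfg.get(key, [])]
        if findings and is_on(cfg, "dropadminrights"):
            findings.append("DropAdminRights=y: the process outside also has user groups dropped")
        if is_on(cfg, "unfilteredtoken"):
            findings.append("UnfilteredToken=y: token filtering disabled, weaker isolation")
        if findings:
            report[box] = findings
    return report
```

Call `audit_breakouts()` on the decoded contents of your own Sandboxie.ini to review every box that allows a breakout before relying on it for isolation.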
I recommend people to support SandboxIE, it is a great product.
I am using Sandboxie and yes it's great. But this feature (Breakout) requires the user to be a supporter.
You can still receive a certificate for free by contributing to the project in a meaningful way: #1388 (comment) For example: #1388 (comment) If you did that already, drop an email to @DavidXanatos, then you'll get one.
Oh thank you, that's good to know. I'll definitely check out some way to contribute to the project non-monetarily.
I have a program that runs other programs and I want some of these programs to be run without Sandbox, is that possible?
It reminds me of "Start Restrictions", but I don't seem to find a way to start a program outside Sandbox there.